- April 19, 2018
The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base.
April 19, 2018 - The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework.
The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments.
Version 1.1 includes updates on:
- authentication and identity,
- self-assessing cybersecurity risk,
- managing cybersecurity within the supply chain and
- vulnerability disclosure.
The changes to the framework are based on feedback collected through public calls for comments, questions received by team members, and workshops held in 2016 and 2017. Two drafts of Version 1.1 were circulated for public comment to assist NIST in comprehensively addressing stakeholder inputs.
Later this year, NIST plans to release an updated companion document, the Roadmap for Improving Critical Infrastructure Cybersecurity, which describes key areas of development, alignment and collaboration. The process used to update the framework is now published on the Cybersecurity Framework website to ensure all parties understand how future updates will be made.
Numerous industry surveys from organizations such as Gartner, Tenable and Cisco indicate sustained and increasing use of the framework over time. In May 2017, President Trump issued the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure(link is external), which directs all federal agencies to use the Cybersecurity Framework. Corporations, organizations and countries around the world, including Italy, Israel and Uruguay, have adopted the framework, or their own adaptation of it. NIST will host a free public Webcast explaining Version 1.1 in detail on April 27, 2018, at 1 p.m. Eastern time.
NIST is also planning a Cybersecurity Risk Management Conference—which will include a major focus on the framework—for November 6 through 8, 2018, in Baltimore, Maryland. Detailed information on the conference will soon be available on the Cybersecurity Framework website. The website also includes guidance for those new to the framework, links to framework-related tools and methodologies, and perspectives on the framework from those who use it.
NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. NIST is a non-regulatory agency of the U.S. Department of Commerce. To learn more about NIST, visit www.nist.gov.Learn More
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles..Subscribe